Full Install and NanoBSD Comparison

From pfSense Documentation
Jump to: navigation, search

"Full Install" and "NanoBSD" are pfSense installation types. They differ in many ways, and each has its own set of optimal uses. There often isn't any one "right" choice for every deployment. Consult the list below to find the best fit.

Full Install

  • One large disk slice containing the OS, configuration, package data, and all other files
    • Custom disk layouts may be defined during the installation process if a custom install is performed
  • Swap space is added by default (2x RAM size)
    • Swap size is adjustable during the installation process if a custom install is performed
  • Optional software RAID 1 (gmirror) available
  • Upgrade data is written over the top of the existing installation, leaving files manually placed on the disk in place
  • Disk is read-write at all times; No limitations on disk activity
  • /var and /tmp are located on the the disk but may optionally be moved to RAM with custom memory disk sizes
  • Logs, RRD data, DHCP lease database, etc, all persist across reboots without additional intervention
  • All packages are available
  • Will work on most disk types and sizes (depending on possible BIOS restrictions)
  • Recommended for use with HDDs or current generation tier-one SSDs (high quality SSDs with power loss protection capacitors are preferred)
  • Can be installed using a CD (ISO), USB memstick image, or a serial console-enabled USB memstick image
  • Can be run in a "trial" type mode by booting the media without invoking the installation process (no packages)
  • Selection of either VGA or serial kernel during installation
  • Indicated by a platform of "pfSense" inside the System Information widget on the Dashboard


  • Two OS slices for redundancy, each slightly less than half the size of the image (e.g. 1.8GB OS slice sizes on 4GB image)
  • Upgrades write to the alternate slice which is then used for the next boot
    • Each upgrade is handled like a new installation + configuration restore
    • Only certain special files are copied between OS slices during an upgrade
  • Configuration is held on a third common slice unaffected by changes to either OS slice
  • Alternate slice may be used if the first slice is rendered inoperable in some way (e.g. accidentally broken by a manual file change in the OS outside of the GUI/packages)
  • The active OS slice may be copied over the inactive local slice to return it to a known-good state
  • Disk is kept in a read only state to preserve the long-term life of the media, switches to read-write for configuration changes, package installation, etc, then changes back
  • /var and /tmp are RAM disks, so volatile data such as logs, RRD files, DHCP lease databases, and other temporary files do not affect the disk
    • The size of /var and /tmp RAM disks may be adjusted
  • RRD graph database files and the DHCP lease database backed up at shutdown and restored at startup for persistent data
    • An optional timed backup of these may be configured to avoid substantial data loss in these areas
  • Log files are not retained across reboots
  • No swap space, RAM size is a hard limit
  • Packages that are large or that require write access to the disk are restricted/unavailable (e.g. ntopng)
  • Expanding storage size is not supported via the GUI or other automated means
  • Works best with write-limited flash-based media such as Compact Flash (CF), USB thumb drives, and SD cards
  • Available in 2GB, and 4GB sizes
  • Available in serial console or VGA console varieties
  • Installed by writing the disk image directly to the target media (e.g. using dd, physdiskwrite, Win32 Disk Imager)
  • Indicated by a platform of "NanoBSD" along with the image size inside the System Information widget on the Dashboard